To Pay or Not to Pay? Part 1: When Paying Is the Best Option 

Brad Rudisail
June 10, 2022

It was just over a year ago that Colonial Pipeline was brought down by a devastating ransomware attack. Within 24 hours of discovering the ransom note, CEO Joseph Blount made the decision to pay $4.4 million to the perpetrators. In an interview with the Wall Street Journal, Blount said that although the decision was a difficult one, it was “the right thing to do for the country.”

Paying the Ransom is a Personal Decision

The decision of whether or not to pay the ransom is one of the most stressful decisions a company can face. There is a lot of pressure from governments, law enforcement and the cybersecurity community not to pay a ransom, and there are certainly some good reasons not to (see Part 2 for more on this).

In fact, there are those who want to ban organizations from paying ransoms altogether. But in the immortal lyrics of Elvis Presley, “Before you abuse, criticize and accuse, just walk a mile in my shoes.” That's because every situation is different, and sometimes a company must do what’s best for the business and those that rely on its operations. 

Sometimes There Is No Choice 

It's always best to have options, but sometimes you can find your back against the wall when you don’t have any. A working backup of your critical data and virtual server infrastructure is your get-out-of-jail card.

Sometimes, however, victimized organizations find themselves without a card to play after a ransomware attack. If your organization lacks a proper backup strategy, or if the attackers manage to take out your backups prior to the attack, there is no ace in the hole. Without a way to restore your data to a production state, the only alternative to paying the ransom might be to close the doors. Lincoln College in Illinois was recently forced into that tragic state of affairs.

You May Have to Pay out of Duty 

As the manager of the largest pipeline system for refined oil products in the United States, one can argue that Colonial Pipeline had a ‘duty of care’ to the areas they serve. Certainly, a regional power company during times of extreme temperatures would be obligated to restore operations as quickly as possible, and similar obligations could be applied to health care or educational settings.

Then there is the issue of third-party data. Many ransomware gangs exfiltrate data before encrypting it. They then threaten to publish the data as a second form of extortion should the victim be able to restore their data from a backup. This creates a gray area, as paying the ransom would preserve the privacy of those whose data was compromised. Certainly, those individuals would want the ransom to be paid.

Paying the Ransom Might Be Cheaper and Faster 

While it may be naïve, let’s assume that paying the ransom would guarantee getting your data back. Should you decide not to pay the ransom, you must factor in the opportunity cost of that decision, based on that assumption.

Restoring data from backups is time consuming. In addition to losing money during the resulting downtime, your business is incurring costs for mitigation, recovery, and possible fines for non-compliance.

You may also incur future litigation costs. In the end, the total cost of a ransomware attack exceeds the ransom payment in most cases. The fact that the ransom is the cheaper alternative is no accident: experienced ransomware organizations know what these costs are and price their ransom accordingly. Like it or not, paying the ransom can be a smart business decision.

Be Realistic

In the end, the decision to pay isn’t as cut and dried as it seems, and the decision to do so is one that you won't be proud of. There are times in life, however, when you are forced to choose not the best option, but the “least worst” option facing you.
